Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Suricata 'Enable Packet Log'

    Scheduled Pinned Locked Moved IDS/IPS
    3 Posts 2 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J Offline
      JasonAU
      last edited by

      Hi community

      I've enabled 'Enable Packet Log' for my WAN interface where will Suricata save this file ? I found an empty 'packetcapture.cap' in /root but I think this is from the pfsense utility to capture packets

      Secondly what's the quickest way to download the suricata pcap file once I find it onto my windows machine

      Brisbane Queensland Australia

      1 Reply Last reply Reply Quote 0
      • bmeeksB Offline
        bmeeks
        last edited by

        @JasonAU:

        Hi community

        I've enabled 'Enable Packet Log' for my WAN interface where will Suricata save this file ? I found an empty 'packetcapture.cap' in /root but I think this is from the pfsense utility to capture packets

        Secondly what's the quickest way to download the suricata pcap file once I find it onto my windows machine

        All Suricata log files and packet captures will be stored in /var/log/suricata and sub-directories underneath there.

        Bill

        1 Reply Last reply Reply Quote 0
        • J Offline
          JasonAU
          last edited by

          Thankyou !

          Will be using it to teach myself some things

          Brisbane Queensland Australia

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.